
Commit ffddd00

Simplify deployment and use api-gw for static content
1 parent 67c565f commit ffddd00


12 files changed

+451
-110
lines changed

Lines changed: 16 additions & 1 deletion
@@ -1,4 +1,19 @@
1-
FROM kong:0.14-centos
1+
FROM kong:1.1rc1-centos
22
LABEL description="Centos 7 + Kong 0.14 + kong-oidc plugin"
3+
#RUN USER=root usermod -a -G root kong
4+
35
RUN yum install -y git unzip && yum clean all
46
RUN USER=root luarocks install kong-oidc
7+
RUN yum install -y dos2unix
8+
9+
COPY ./docker-entrypoint.sh /docker-entrypoint.sh
10+
RUN dos2unix /docker-entrypoint.sh
11+
RUN chmod 777 /docker-entrypoint.sh
12+
13+
COPY ./nginx-custom-static-sso.template /usr/local/kong/template/nginx-custom-static-sso.template
14+
15+
COPY ./config-kong.sh /tmp
16+
RUN dos2unix /tmp/config-kong.sh
17+
RUN chmod 777 /tmp/config-kong.sh
18+
19+
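Review bot: `RUN chmod 777 /docker-entrypoint.sh` and `RUN chmod 777 /tmp/config-kong.sh` make both scripts world-writable, so any account inside the container can rewrite the entrypoint, which presumably runs as root since no `USER` is set in the visible lines. Executable-only modes are enough, e.g. `RUN chmod 755 /docker-entrypoint.sh` and the same for the config script. `COPY ./config-kong.sh /tmp` also bakes that script into an image layer, and as added in this commit it carries a literal OIDC client secret, so anyone who can pull the image can read it. The base image moves to `kong:1.1rc1-centos`, a release candidate, while `LABEL description` still says Kong 0.14; the label should be updated and a final release pinned once available.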
Lines changed: 12 additions & 0 deletions
@@ -0,0 +1,12 @@
1+
#Creates the services.
2+
curl -S -s -i -X POST --url http://api-gateway:8001/services --data "name=counterparty-service" --data "url=http://counterparty-service:8080/counterparties"
3+
curl -S -s -i -X POST --url http://api-gateway:8001/services --data "name=instrument-service" --data "url=http://instrument-service:8080/instrument"
4+
curl -S -s -i -X POST --url http://api-gateway:8001/services --data "name=valuation-service" --data "url=http://valuation-service:8080/valuation"
5+
curl -S -s -i -X POST --url http://api-gateway:8001/services --data "name=regulatory-service" --data "url=http://regulatory-service:8080/regulatory"
6+
#Creates the routes
7+
curl -S -s -i -X POST --url http://api-gateway:8001/services/counterparty-service/routes --data "paths[]=/api/v1/counterparty"
8+
curl -S -s -i -X POST --url http://api-gateway:8001/services/instrument-service/routes --data "paths[]=/api/v1/instrument"
9+
curl -S -s -i -X POST --url http://api-gateway:8001/services/valuation-service/routes --data "paths[]=/api/v1/valuation"
10+
curl -S -s -i -X POST --url http://api-gateway:8001/services/regulatory-service/routes --data "paths[]=/api/v1/regulatory"
11+
#Enable the Open ID Plugin
12+
curl -S -s -i -X POST --url http://api-gateway:8001/plugins --data "name=oidc" --data "config.client_id=api-gateway" --data "config.client_secret=798751a9-d274-4335-abf6-80611cd19ba1" --data "config.discovery=https%3A%2F%2Ffinancial-app.com%2Fauth%2Frealms%2Fmaster%2F.well-known%2Fopenid-configuration"
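Review bot: The last `curl` call hard-codes the OIDC client secret in `--data "config.client_secret=…"`, which puts it in version control and, through the Dockerfile `COPY` in this commit, into the image. The committed value should be treated as exposed and rotated, and the script should read it from the environment instead, e.g. `--data-urlencode "config.client_secret=${OIDC_CLIENT_SECRET:?not set}"` (the variable name is a placeholder). None of the calls pass `--fail` and the script has no `set -e`, so a rejected registration goes unnoticed; if the `/plugins` call fails, the routes created above are left without the oidc plugin. The admin API is addressed over plain `http://api-gateway:8001` without credentials, so port 8001 has to stay unreachable from outside the deployment network.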
Lines changed: 36 additions & 0 deletions
@@ -0,0 +1,36 @@
1+
#!/bin/sh
2+
set -e
3+
4+
export KONG_NGINX_DAEMON=off
5+
6+
has_transparent() {
7+
echo "$1" | grep -E "[^\s,]+\s+transparent\b" >/dev/null
8+
}
9+
10+
if [[ "$1" == "kong" ]]; then
11+
PREFIX=${KONG_PREFIX:=/usr/local/kong}
12+
13+
if [[ "$2" == "docker-start" ]]; then
14+
shift 2
15+
kong prepare -p "$PREFIX" "$@"
16+
chown -R kong "$PREFIX"
17+
18+
# workaround for https://github.com/moby/moby/issues/31243
19+
chmod o+w /proc/self/fd/1
20+
chmod o+w /proc/self/fd/2
21+
22+
if [ ! -z ${SET_CAP_NET_RAW} ] \
23+
|| has_transparent "$KONG_STREAM_LISTEN" \
24+
|| has_transparent "$KONG_PROXY_LISTEN" \
25+
|| has_transparent "$KONG_ADMIN_LISTEN";
26+
then
27+
setcap cap_net_raw=+ep /usr/local/openresty/nginx/sbin/nginx
28+
fi
29+
30+
exec su-exec root /usr/local/openresty/nginx/sbin/nginx \
31+
-p "$PREFIX" \
32+
-c nginx.conf
33+
fi
34+
fi
35+
36+
exec "$@"
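Review bot: `exec su-exec root /usr/local/openresty/nginx/sbin/nginx` starts the nginx master as root, although `chown -R kong "$PREFIX"` a few lines earlier prepares the prefix for the kong user, which suggests the process was meant to run unprivileged. If root is only needed to bind a port below 1024, a narrower option is to keep `su-exec kong` and add `cap_net_bind_service` to the existing `setcap` call; this needs confirming against the listener configuration, which is not visible here. The script declares `#!/bin/sh` but uses `[[ … ]]`, a bashism, so either the shebang should name bash or the tests should read `[ "$1" = "kong" ]`. `[ ! -z ${SET_CAP_NET_RAW} ]` leaves the expansion unquoted and is better written as `[ -n "${SET_CAP_NET_RAW}" ]`.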
Lines changed: 211 additions & 0 deletions
@@ -0,0 +1,211 @@
1+
# ---------------------
2+
# custom_nginx.template
3+
# ---------------------
4+
5+
worker_processes ${{NGINX_WORKER_PROCESSES}}; # can be set by kong.conf
6+
daemon ${{NGINX_DAEMON}}; # can be set by kong.conf
7+
8+
pid pids/nginx.pid; # this setting is mandatory
9+
error_log logs/error.log ${{LOG_LEVEL}}; # can be set by kong.conf
10+
events {}
11+
12+
http {
13+
charset UTF-8;
14+
error_log ${{PROXY_ERROR_LOG}} ${{LOG_LEVEL}};
15+
client_max_body_size ${{CLIENT_MAX_BODY_SIZE}};
16+
proxy_ssl_server_name on;
17+
underscores_in_headers on;
18+
lua_package_path '${{LUA_PACKAGE_PATH}};;';
19+
lua_package_cpath '${{LUA_PACKAGE_CPATH}};;';
20+
lua_socket_pool_size ${{LUA_SOCKET_POOL_SIZE}};
21+
lua_max_running_timers 4096;
22+
lua_max_pending_timers 16384;
23+
lua_shared_dict kong 5m;
24+
lua_shared_dict kong_db_cache ${{MEM_CACHE_SIZE}};
25+
lua_shared_dict kong_db_cache_miss 12m;
26+
lua_shared_dict kong_locks 8m;
27+
lua_shared_dict kong_process_events 5m;
28+
lua_shared_dict kong_cluster_events 5m;
29+
lua_shared_dict kong_healthchecks 5m;
30+
lua_shared_dict kong_rate_limiting_counters 12m;
31+
lua_socket_log_errors off;
32+
33+
> if lua_ssl_trusted_certificate then
34+
lua_ssl_trusted_certificate '${{LUA_SSL_TRUSTED_CERTIFICATE}}';
35+
> end
36+
lua_ssl_verify_depth ${{LUA_SSL_VERIFY_DEPTH}};
37+
# injected nginx_http_* directives
38+
> for _, el in ipairs(nginx_http_directives) do
39+
$(el.name) $(el.value);
40+
> end
41+
init_by_lua_block {
42+
Kong = require 'kong'
43+
Kong.init()
44+
}
45+
init_worker_by_lua_block {
46+
Kong.init_worker()
47+
}
48+
> if #proxy_listeners > 0 then
49+
upstream kong_upstream {
50+
server 0.0.0.1;
51+
balancer_by_lua_block {
52+
Kong.balancer()
53+
}
54+
> if upstream_keepalive > 0 then
55+
keepalive ${{UPSTREAM_KEEPALIVE}};
56+
> end
57+
}
58+
server {
59+
server_name kong;
60+
> for i = 1, #proxy_listeners do
61+
listen $(proxy_listeners[i].listener);
62+
> end
63+
error_page 400 404 408 411 412 413 414 417 494 /kong_error_handler;
64+
error_page 500 502 503 504 /kong_error_handler;
65+
access_log ${{PROXY_ACCESS_LOG}};
66+
error_log ${{PROXY_ERROR_LOG}} ${{LOG_LEVEL}};
67+
client_body_buffer_size ${{CLIENT_BODY_BUFFER_SIZE}};
68+
> if proxy_ssl_enabled then
69+
ssl_certificate ${{SSL_CERT}};
70+
ssl_certificate_key ${{SSL_CERT_KEY}};
71+
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
72+
ssl_certificate_by_lua_block {
73+
Kong.ssl_certificate()
74+
}
75+
ssl_session_cache shared:SSL:10m;
76+
ssl_session_timeout 10m;
77+
ssl_prefer_server_ciphers on;
78+
ssl_ciphers ${{SSL_CIPHERS}};
79+
> end
80+
> if client_ssl then
81+
proxy_ssl_certificate ${{CLIENT_SSL_CERT}};
82+
proxy_ssl_certificate_key ${{CLIENT_SSL_CERT_KEY}};
83+
> end
84+
real_ip_header ${{REAL_IP_HEADER}};
85+
real_ip_recursive ${{REAL_IP_RECURSIVE}};
86+
> for i = 1, #trusted_ips do
87+
set_real_ip_from $(trusted_ips[i]);
88+
> end
89+
# injected nginx_proxy_* directives
90+
> for _, el in ipairs(nginx_proxy_directives) do
91+
$(el.name) $(el.value);
92+
> end
93+
94+
location / {
95+
root /www/data;
96+
}
97+
98+
99+
location /auth/ {
100+
proxy_pass http://iam:8080/auth/;
101+
proxy_set_header Host $host;
102+
proxy_set_header X-Real-IP $remote_addr;
103+
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
104+
proxy_set_header X-Forwarded-Host $host;
105+
proxy_set_header X-Forwarded-Server $host;
106+
proxy_set_header X-Forwarded-Port $server_port;
107+
proxy_set_header X-Forwarded-Proto $scheme;
108+
109+
}
110+
111+
112+
location /api {
113+
default_type '';
114+
set $ctx_ref '';
115+
set $upstream_host '';
116+
set $upstream_upgrade '';
117+
set $upstream_connection '';
118+
set $upstream_scheme '';
119+
set $upstream_uri '';
120+
set $upstream_x_forwarded_for '';
121+
set $upstream_x_forwarded_proto '';
122+
set $upstream_x_forwarded_host '';
123+
set $upstream_x_forwarded_port '';
124+
rewrite_by_lua_block {
125+
Kong.rewrite()
126+
}
127+
access_by_lua_block {
128+
Kong.access()
129+
}
130+
proxy_http_version 1.1;
131+
proxy_set_header Host $upstream_host;
132+
proxy_set_header Upgrade $upstream_upgrade;
133+
proxy_set_header Connection $upstream_connection;
134+
proxy_set_header X-Forwarded-For $upstream_x_forwarded_for;
135+
proxy_set_header X-Forwarded-Proto $upstream_x_forwarded_proto;
136+
proxy_set_header X-Forwarded-Host $upstream_x_forwarded_host;
137+
proxy_set_header X-Forwarded-Port $upstream_x_forwarded_port;
138+
proxy_set_header X-Real-IP $remote_addr;
139+
proxy_pass_header Server;
140+
proxy_pass_header Date;
141+
proxy_ssl_name $upstream_host;
142+
proxy_pass $upstream_scheme://kong_upstream$upstream_uri;
143+
header_filter_by_lua_block {
144+
Kong.header_filter()
145+
}
146+
body_filter_by_lua_block {
147+
Kong.body_filter()
148+
}
149+
log_by_lua_block {
150+
Kong.log()
151+
}
152+
}
153+
location = /kong_error_handler {
154+
internal;
155+
uninitialized_variable_warn off;
156+
content_by_lua_block {
157+
Kong.handle_error()
158+
}
159+
header_filter_by_lua_block {
160+
Kong.header_filter()
161+
}
162+
body_filter_by_lua_block {
163+
Kong.body_filter()
164+
}
165+
log_by_lua_block {
166+
Kong.log()
167+
}
168+
}
169+
}
170+
> end
171+
172+
> if #admin_listeners > 0 then
173+
server {
174+
server_name kong_admin;
175+
> for i = 1, #admin_listeners do
176+
listen $(admin_listeners[i].listener);
177+
> end
178+
access_log ${{ADMIN_ACCESS_LOG}};
179+
error_log ${{ADMIN_ERROR_LOG}} ${{LOG_LEVEL}};
180+
client_max_body_size 10m;
181+
client_body_buffer_size 10m;
182+
> if admin_ssl_enabled then
183+
ssl_certificate ${{ADMIN_SSL_CERT}};
184+
ssl_certificate_key ${{ADMIN_SSL_CERT_KEY}};
185+
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
186+
ssl_session_cache shared:SSL:10m;
187+
ssl_session_timeout 10m;
188+
ssl_prefer_server_ciphers on;
189+
ssl_ciphers ${{SSL_CIPHERS}};
190+
> end
191+
# injected nginx_admin_* directives
192+
> for _, el in ipairs(nginx_admin_directives) do
193+
$(el.name) $(el.value);
194+
> end
195+
location / {
196+
default_type application/json;
197+
content_by_lua_block {
198+
Kong.serve_admin_api()
199+
}
200+
}
201+
location /nginx_status {
202+
internal;
203+
access_log off;
204+
stub_status;
205+
}
206+
location /robots.txt {
207+
return 200 'User-agent: *\nDisallow: /';
208+
}
209+
}
210+
> end
211+
}
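Review bot: `ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;` in both the proxy and the admin server block still enables the deprecated TLS 1.1; `ssl_protocols TLSv1.2 TLSv1.3;` is the safer setting unless a legacy client is known to need it. The new `location /api` is a prefix match without a trailing slash, so it also covers paths such as `/apix`; `location /api/` would state the intent more precisely. `location /auth/` forwards to `http://iam:8080` outside the Kong phases and passes the client-supplied `Host` on as `X-Forwarded-Host`, so the IAM service should be configured with a fixed hostname rather than trusting that header (this depends on IAM settings not visible here). A short comment above the three custom `location` blocks saying what differs from the stock Kong template would make later upgrades easier.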

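--- a/counterparty-service/pom.xml
+++ b/counterparty-service/pom.xml
@@ -75,10 +75,7 @@
 <version>5.0.10.Final</version>
 <scope>test</scope>
 </dependency>
-<dependency>
-<groupId>io.thorntail</groupId>
-<artifactId>logstash</artifactId>
-</dependency>
+
 
 <dependency>
 <groupId>com.github.dadrus.jpa-unit</groupId>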
Lines changed: 2 additions & 6 deletions
@@ -1,4 +1,4 @@
1-
swarm:
1+
thorntail:
22
datasources:
33
data-sources:
44
CounterpartyDS:
@@ -10,8 +10,4 @@ swarm:
1010
myh2:
1111
driver-class-name: org.h2.Driver
1212
xa-datasource-name: org.h2.jdbcx.JdbcDataSource
13-
driver-module-name: com.h2database.h2
14-
logstash:
15-
hostname: localhost
16-
port: 9300
17-
level: INFO
13+
driver-module-name: com.h2database.h2
